5 comments

[ 0.17 ms ] story [ 31.6 ms ] thread
This is one of the few times that xkcd.com is better suited to HN than to Reddit. If you want to hear more about the superiority of passphrases, a Microsoft blogger wrote a series of articles on them waaaay back in 2004. I've been using them since then -- they're elegant, they work well, and simple inspection shows them to be better than my dictionary_word+modifier standard passwords. (Which, to be fair, I should migrate from some time when I get a week free to go to every place I've ever used a password...)

http://blogs.technet.com/b/robert_hensing/archive/2004/07/28...

And then you eventually run into the plethora of web apps which will not allow spaces, require some combination of capitals or numbers, or tell you that your password can't possibly be that long... and then we're back to square one.
Randal Munrow (the creator behind XKCD) is a genius, and frequently comes out with great comics that like that show a great ability to communicate and a deep knowledge of computing and science.
I hope people don't follow this advice and use a small subset of memorable passphrases across many, many sites. There are countless examples of incompetent application developers recording passwords insecurely (once hacked, your login/pw is now easily testable against other sites).

You should use a long passphrase (like Randall is talking about) with a password manager that can manage ~500 equally difficult passwords.

this makes me soooooo very happy.